14 val default_val_assumes = thm "default_val_assumes"; |
14 val default_val_assumes = thm "default_val_assumes"; |
15 |
15 |
16 Addsimps [var_assumes, default_val_assumes, type_assumes]; |
16 Addsimps [var_assumes, default_val_assumes, type_assumes]; |
17 |
17 |
18 Goalw [state_def] |
18 Goalw [state_def] |
19 "s:state ==> s`In:list(A)"; |
19 "s \\<in> state ==> s`In \\<in> list(A)"; |
20 by (dres_inst_tac [("a", "In")] apply_type 1); |
20 by (dres_inst_tac [("a", "In")] apply_type 1); |
21 by Auto_tac; |
21 by Auto_tac; |
22 qed "In_value_type"; |
22 qed "In_value_type"; |
23 AddTCs [In_value_type]; |
23 AddTCs [In_value_type]; |
24 Addsimps [In_value_type]; |
24 Addsimps [In_value_type]; |
25 |
25 |
26 Goalw [state_def] |
26 Goalw [state_def] |
27 "s:state ==> s`iIn:list(nat)"; |
27 "s \\<in> state ==> s`iIn \\<in> list(nat)"; |
28 by (dres_inst_tac [("a", "iIn")] apply_type 1); |
28 by (dres_inst_tac [("a", "iIn")] apply_type 1); |
29 by Auto_tac; |
29 by Auto_tac; |
30 qed "iIn_value_type"; |
30 qed "iIn_value_type"; |
31 AddTCs [iIn_value_type]; |
31 AddTCs [iIn_value_type]; |
32 Addsimps [iIn_value_type]; |
32 Addsimps [iIn_value_type]; |
33 |
33 |
34 Goalw [state_def] |
34 Goalw [state_def] |
35 "s:state ==> s`Out(n):list(A)"; |
35 "s \\<in> state ==> s`Out(n):list(A)"; |
36 by (dres_inst_tac [("a", "Out(n)")] apply_type 1); |
36 by (dres_inst_tac [("a", "Out(n)")] apply_type 1); |
37 by Auto_tac; |
37 by Auto_tac; |
38 qed "Out_value_type"; |
38 qed "Out_value_type"; |
39 AddTCs [Out_value_type]; |
39 AddTCs [Out_value_type]; |
40 Addsimps [Out_value_type]; |
40 Addsimps [Out_value_type]; |
41 |
41 |
42 val distrib = thm "distr_spec"; |
42 val distrib = thm "distr_spec"; |
43 |
43 |
44 Goal "D:program"; |
44 Goal "D \\<in> program"; |
45 by (cut_facts_tac [distrib] 1); |
45 by (cut_facts_tac [distrib] 1); |
46 by (auto_tac (claset(), simpset() addsimps |
46 by (auto_tac (claset(), simpset() addsimps |
47 [distr_spec_def, distr_allowed_acts_def])); |
47 [distr_spec_def, distr_allowed_acts_def])); |
48 qed "D_in_program"; |
48 qed "D_in_program"; |
49 Addsimps [D_in_program]; |
49 Addsimps [D_in_program]; |
50 AddTCs [D_in_program]; |
50 AddTCs [D_in_program]; |
51 |
51 |
52 Goal "G:program ==> \ |
52 Goal "G \\<in> program ==> \ |
53 \ D ok G <-> \ |
53 \ D ok G <-> \ |
54 \ ((ALL n:nat. G:preserves(lift(Out(n)))) & D:Allowed(G))"; |
54 \ ((\\<forall>n \\<in> nat. G \\<in> preserves(lift(Out(n)))) & D \\<in> Allowed(G))"; |
55 by (cut_facts_tac [distrib] 1); |
55 by (cut_facts_tac [distrib] 1); |
56 by (auto_tac (claset(), |
56 by (auto_tac (claset(), |
57 simpset() addsimps [INT_iff, distr_spec_def, distr_allowed_acts_def, |
57 simpset() addsimps [INT_iff, distr_spec_def, distr_allowed_acts_def, |
58 Allowed_def, ok_iff_Allowed])); |
58 Allowed_def, ok_iff_Allowed])); |
59 by (rotate_tac ~1 2); |
59 by (rotate_tac ~1 2); |
64 qed "D_ok_iff"; |
64 qed "D_ok_iff"; |
65 |
65 |
66 Goal |
66 Goal |
67 "D : ((lift(In) IncreasingWrt prefix(A)/list(A)) Int \ |
67 "D : ((lift(In) IncreasingWrt prefix(A)/list(A)) Int \ |
68 \ (lift(iIn) IncreasingWrt prefix(nat)/list(nat)) Int \ |
68 \ (lift(iIn) IncreasingWrt prefix(nat)/list(nat)) Int \ |
69 \ Always({s:state. ALL elt:set_of_list(s`iIn). elt<Nclients})) \ |
69 \ Always({s \\<in> state. \\<forall>elt \\<in> set_of_list(s`iIn). elt<Nclients})) \ |
70 \ guarantees \ |
70 \ guarantees \ |
71 \ (INT n: Nclients. lift(Out(n)) IncreasingWrt \ |
71 \ (\\<Inter>n \\<in> Nclients. lift(Out(n)) IncreasingWrt \ |
72 \ prefix(A)/list(A))"; |
72 \ prefix(A)/list(A))"; |
73 by (cut_facts_tac [D_in_program, distrib] 1); |
73 by (cut_facts_tac [D_in_program, distrib] 1); |
74 by (full_simp_tac (simpset() addsimps [distr_spec_def, distr_follows_def]) 1); |
74 by (full_simp_tac (simpset() addsimps [distr_spec_def, distr_follows_def]) 1); |
75 by (auto_tac (claset() addSIs [guaranteesI] addIs [Follows_imp_Increasing_left] |
75 by (auto_tac (claset() addSIs [guaranteesI] addIs [Follows_imp_Increasing_left] |
76 addSDs [guaranteesD], |
76 addSDs [guaranteesD], |
78 qed "distr_Increasing_Out"; |
78 qed "distr_Increasing_Out"; |
79 |
79 |
80 val state_AlwaysI2 = state_AlwaysI RS Always_weaken; |
80 val state_AlwaysI2 = state_AlwaysI RS Always_weaken; |
81 |
81 |
82 Goal |
82 Goal |
83 "[| ALL n:nat. G:preserves(lift(Out(n))); \ |
83 "[| \\<forall>n \\<in> nat. G \\<in> preserves(lift(Out(n))); \ |
84 \ D Join G:Always({s:state. \ |
84 \ D Join G \\<in> Always({s \\<in> state. \ |
85 \ ALL elt:set_of_list(s`iIn). elt < Nclients}) |] \ |
85 \ \\<forall>elt \\<in> set_of_list(s`iIn). elt < Nclients}) |] \ |
86 \ ==> D Join G : Always \ |
86 \ ==> D Join G : Always \ |
87 \ ({s:state. msetsum(%n. bag_of (sublist(s`In, \ |
87 \ ({s \\<in> state. msetsum(%n. bag_of (sublist(s`In, \ |
88 \ {k:nat. k < length(s`iIn) &\ |
88 \ {k \\<in> nat. k < length(s`iIn) &\ |
89 \ nth(k, s`iIn)= n})), \ |
89 \ nth(k, s`iIn)= n})), \ |
90 \ Nclients, A) = \ |
90 \ Nclients, A) = \ |
91 \ bag_of(sublist(s`In, length(s`iIn)))})"; |
91 \ bag_of(sublist(s`In, length(s`iIn)))})"; |
92 by (cut_facts_tac [D_in_program] 1); |
92 by (cut_facts_tac [D_in_program] 1); |
93 by (subgoal_tac "G:program" 1); |
93 by (subgoal_tac "G \\<in> program" 1); |
94 by (blast_tac (claset() addDs [preserves_type RS subsetD]) 2); |
94 by (blast_tac (claset() addDs [preserves_type RS subsetD]) 2); |
95 by (etac ([asm_rl, state_AlwaysI2] MRS (Always_Diff_Un_eq RS iffD1)) 1); |
95 by (etac ([asm_rl, state_AlwaysI2] MRS (Always_Diff_Un_eq RS iffD1)) 1); |
96 by Auto_tac; |
96 by Auto_tac; |
97 by (stac (bag_of_sublist_UN_disjoint RS sym) 1); |
97 by (stac (bag_of_sublist_UN_disjoint RS sym) 1); |
98 by (asm_simp_tac (simpset() addsimps [nat_into_Finite]) 1); |
98 by (asm_simp_tac (simpset() addsimps [nat_into_Finite]) 1); |
99 by (Blast_tac 1); |
99 by (Blast_tac 1); |
100 by (Asm_simp_tac 1); |
100 by (Asm_simp_tac 1); |
101 by (asm_full_simp_tac (simpset() addsimps [set_of_list_conv_nth]) 1); |
101 by (asm_full_simp_tac (simpset() addsimps [set_of_list_conv_nth]) 1); |
102 by (subgoal_tac |
102 by (subgoal_tac |
103 "(UN i: Nclients. {k:nat. k < length(x`iIn) & nth(k, x`iIn) = i}) = \ |
103 "(\\<Union>i \\<in> Nclients. {k \\<in> nat. k < length(x`iIn) & nth(k, x`iIn) = i}) = \ |
104 \ length(x`iIn)" 1); |
104 \ length(x`iIn)" 1); |
105 by (Asm_simp_tac 1); |
105 by (Asm_simp_tac 1); |
106 by (resolve_tac [equalityI] 1); |
106 by (resolve_tac [equalityI] 1); |
107 by Safe_tac; |
107 by Safe_tac; |
108 by (asm_full_simp_tac (simpset() addsimps [ltD]) 1); |
108 by (asm_full_simp_tac (simpset() addsimps [ltD]) 1); |
117 qed "distr_bag_Follows_lemma"; |
117 qed "distr_bag_Follows_lemma"; |
118 |
118 |
119 Goal |
119 Goal |
120 "D : ((lift(In) IncreasingWrt prefix(A)/list(A)) Int \ |
120 "D : ((lift(In) IncreasingWrt prefix(A)/list(A)) Int \ |
121 \ (lift(iIn) IncreasingWrt prefix(nat)/list(nat)) Int \ |
121 \ (lift(iIn) IncreasingWrt prefix(nat)/list(nat)) Int \ |
122 \ Always({s:state. ALL elt: set_of_list(s`iIn). elt < Nclients})) \ |
122 \ Always({s \\<in> state. \\<forall>elt \\<in> set_of_list(s`iIn). elt < Nclients})) \ |
123 \ guarantees \ |
123 \ guarantees \ |
124 \ (INT n: Nclients. \ |
124 \ (\\<Inter>n \\<in> Nclients. \ |
125 \ (%s. msetsum(%i. bag_of(s`Out(i)), Nclients, A)) \ |
125 \ (%s. msetsum(%i. bag_of(s`Out(i)), Nclients, A)) \ |
126 \ Fols \ |
126 \ Fols \ |
127 \ (%s. bag_of(sublist(s`In, length(s`iIn)))) \ |
127 \ (%s. bag_of(sublist(s`In, length(s`iIn)))) \ |
128 \ Wrt MultLe(A, r)/Mult(A))"; |
128 \ Wrt MultLe(A, r)/Mult(A))"; |
129 by (cut_facts_tac [distrib] 1); |
129 by (cut_facts_tac [distrib] 1); |